Protecting against Spam Emails
Home > 
Protecting against Spam Emails
< back

Protecting against Spam Emails

Spam has become a major problem for almost every email user. We all need to spend time cleaning away the massive amount of unwanted and unsolicited email messages everyday. Email users might also be charged by their Internet Service Provider (ISP) if their email account quota overflows with unsolicited email messages. Even worse, unsolicited email messages may carry malwares, indecent material, or try to fool you into giving away your personal information to fraudsters.

Unsolicited emails can also be deceptive and deliberately fraudulent in nature, leading to infection by malwares, identity theft, or even financial loss if instructions described in the messages are followed. Such fraudulent messages are called "scam emails".

Tips for End-users on Handling Spam Emails

Spammers collect your email address and verify that it is a valid address before they start sending spam emails to you. To reduce the possibility of receiving spam emails, you must protect your email address/account and your computer. The following are some tips:

Be careful in disclosing your email address or personal information:
Do not disclose your personal information too readily, including your email addresses;
Check the privacy policy of websites or companies before you provide any personal information when filling out web registration forms, online surveys, etc. Look for options that allow you to unsubscribe from receiving emails on offers or other marketing information;
Be careful when subscribing to free email account services, especially when filling in the account profile. Check the terms and conditions of the email service, especially their privacy policy; and
Do not publish your email address on public websites, contact directories, membership directories, or chat rooms.
Tips for using email account:
Whenever feasible, use separate email addresses for different purposes. For example, use one email address for public newsgroups or chat rooms, and another for personal email messages; and
Avoid using an email address that contains simple dictionary words, or common names. Spammers can use brute-force technique to guess valid email address at a specific domain using words from dictionaries, or combinations of common words.
When checking your emails:
Don't be caught by the spammers' favourite tricks, such as the use of subject headings like "Remember me?" that try to trick you into thinking you should know the sender;
Be cautious when opening emails and email attachments, especially when receiving emails from strangers;
Simply delete emails from unknown senders or dubious sources because your reply or click on any link in the email message from an unknown source, you are confirming to the unknown sender that your email address is a valid one;
Check the "sent" folder or outgoing mailbox of your email programme (or webmail account) to see if there are any outgoing messages that were not sent by you. If there are such messages, your computer may have been hacked and used by spammers to send emails from your computer. You should disconnect from the Internet immediately and scan your computer with anti-malware software (make sure the software's definition files are up-to-date); and
Tips for protecting your computer:
Use anti-spam solutions offered by ISPs or install email filters to reduce the amount of spam emails you receive;
Install and enable anti-malware software, and keep it up to date using the latest malware definition file. Enable real-time detection to scan for malwares for active processes, executables and document files that are being processed. Schedule a full system scan to run regularly, based on operational needs;
Install and enable personal firewall software; and
Apply the latest security patches/hot-fixes released by product vendors to the operating systems and/or applications installed in your computer.

What can you do if you receive a spam email?

If you receive any spam emails, you can:

Ignore and delete spam emails: this is the simplest and most effective way to handle spam emails. Never reply to spam emails;
Report the case to your Internet Service Provider (ISP) attaching the header of the spam email. Most ISPs have service terms that prohibit subscribers from using ISP services for spamming activities. Depending on the policy of your ISP, a spammer may be warned, have their service suspended or even terminated;
Report a any suspected contravention of the UEMO to Communications Authority (CA) if you suspect that there are professional spamming activities going on. If the spam emails contain suspected fraudulent or illegal information pretending to be sent from an identifiable organisation such as a bank, you may also complain to the related organisation; and
Consider discarding or shutting down your current email address and creating a new one if your email account becomes clogged with spam messages.

Beware of Email Scam

Apart from causing annoyance to recipients, unsolicited emails can also be deceptive and deliberately fraudulent in nature, leading to infection by malwares, identity theft, or even financial loss if instructions described in the messages are followed. Such fraudulent messages are called "scam emails".

In cases of email scam, the fraudsters hacked into the victim's email account, checked the victim’s business correspondence with business partners. They sent an email to the victim using the same or similar email account of his business partner and claimed that the payment bank account had been changed who further requested the victim to deposit the payment for goods into the fraudster’s designated bank account. Some victims have suffered significant amount of losses in some cases.

If you receive any suspicious emails, you should confirm the identity of the purported business partners or the authenticity of the requests by telephone, facsimile or other means before remittance so as to prevent from being deceived.
The Hong Kong Police Force also provides some advice for avoiding the traps set by these fraudulent emails.